Description
Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase to produce a Windows MSI installer for a project, and that project is installed for All Users (i.e., per-machine scope), the installation process creates a directory that inherits all the permissions of the parent directory. Depending on the location chosen by the installing user, this may allow a low privilege but authenticated user to replace or modify the binaries installed by the application. If an administrator then runs the altered binary, the binary will run with elevated privileges. The problem is caused by the template used to generate the WXS file for Windows projects. It was fixed in the templates used in Briefcase 0.3.26, 0.4.0, and 0.4.1. Re-running `briefcase create` on your Briefcase project will result in the updated templates being used. As a workaround, the patch can be added to any existing Briefcase .wxs file generated by Briefcase 0.3.24 or later.
Published: 2026-03-26
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

Briefcase creates an MSI installer that, when installed for All Users, generates a supporting directory which inherits the parent directory's permissions. If the chosen parent location grants write access to non-administrators, a low‑privileged but authenticated user can replace or modify the binaries installed by the application. If an administrator later executes the altered binary, it runs with elevated privileges. This is an insecure file-system permission issue, classified as CWE‑732 (Incorrect Permission Assignment for Critical Resource), and represents a high‑severity local privilege escalation risk.

Affected Systems

The vulnerability affects Briefcase versions 0.3.0 up to and including 0.3.25. The fix was introduced in the templates used by Briefcase 0.3.26, and the templates used in 0.4.0 and 0.4.1 contain the same fix. Anyone who has built Windows MSI installers with an earlier release should check whether the project was generated with a template from the vulnerable range.

Risk and Exploitability

The CVSS score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) reflects a high impact once the vulnerability is exploited. Although the EPSS estimate is very low (below 1%) and the flaw is not listed in the CISA KEV catalog, the attack model is locally feasible: once an administrator has installed the MSI for All Users into a location whose inherited permissions grant write access, any authenticated low‑privileged user on that machine can modify the installed files. Exploitation also depends on user interaction (UI:R): the attacker gains elevated privileges only if an administrator subsequently runs the tampered executable. Given the local nature of the attack, containment means restricting the MSI install scope or location until the vendor patch is applied.

Generated by OpenCVE AI on March 26, 2026 at 18:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Briefcase to version 0.3.26 or later
  • Re‑run `briefcase create` on your project to regenerate the updated WXS templates
  • If upgrading immediately is not possible, apply the patch to any existing .wxs file generated by Briefcase 0.3.24 through 0.3.25
  • Avoid installing MSI packages in an All Users scope when using an older Briefcase version
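To check whether a generated .wxs still leaves the install directory with an inherited ACL, here is an added example (not Briefcase's own code, nor the actual template patch, which this page does not show): it parses a WiX source, flags install directories that receive components but carry no explicit Permission/PermissionEx entries, and builds a hardened variant. The sample fragment, the directory and component ids, and the chosen ACEs are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Well-known MSI folder ids the installer resolves rather than creates.
STANDARD_DIRS = {"TARGETDIR", "ProgramFilesFolder", "ProgramFiles64Folder", "ProgramMenuFolder"}

def _local(tag):  # strip the XML namespace so WiX v3 and v4 sources both parse
    return tag.rsplit("}", 1)[-1]

def _has_explicit_acl(component):
    """True if a CreateFolder in this component carries Permission ACEs."""
    return any(_local(ace.tag) in ("Permission", "PermissionEx")
               for folder in component if _local(folder.tag) == "CreateFolder"
               for ace in folder)

def directories_without_explicit_acl(wxs_text):
    """Ids of directories that receive components but no explicit ACL; the MSI
    creates them with the parent's inherited DACL, as the advisory describes."""
    root = ET.fromstring(wxs_text)
    flagged = []
    for d in root.iter():
        if _local(d.tag) != "Directory" or d.get("Id") in STANDARD_DIRS:
            continue
        comps = [c for c in d if _local(c.tag) == "Component"]
        if comps and not any(_has_explicit_acl(c) for c in comps):
            flagged.append(d.get("Id"))
    return flagged

# Constructed WiX v3 fragment standing in for a generated .wxs (placeholder GUID).
VULNERABLE_WXS = """<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
  <Product Id="*" Name="SampleApp" Version="1.0.0" Language="1033"
           Manufacturer="Example" UpgradeCode="00000000-0000-0000-0000-000000000000">
    <Directory Id="TARGETDIR" Name="SourceDir">
      <Directory Id="ProgramFiles64Folder">
        <Directory Id="INSTALLFOLDER" Name="SampleApp">
          <Component Id="MainExe" Guid="*">
            <File Id="AppExe" Source="SampleApp.exe" KeyPath="yes"/>
          </Component>
        </Directory>
      </Directory>
    </Directory>
  </Product>
</Wix>"""

# Hardened variant (assumed ACEs): LockPermissions replaces the inherited DACL with these entries.
LOCKDOWN = ('<CreateFolder><Permission User="Administrators" GenericAll="yes"/>'
            '<Permission User="SYSTEM" GenericAll="yes"/>'
            '<Permission User="Users" GenericRead="yes" GenericExecute="yes"/>'
            '</CreateFolder>')
HARDENED_WXS = VULNERABLE_WXS.replace('<File Id="AppExe"', LOCKDOWN + '<File Id="AppExe"')
```

Run `directories_without_explicit_acl` over your own generated .wxs; an empty result means every created directory sets its own ACL rather than inheriting one.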



Advisories

Source: GitHub GHSA
ID: GHSA-r3r2-35v9-v238
Title: Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions
History

Mon, 20 Apr 2026 14:15:00 +0000

Values added:
  • CPEs: cpe:2.3:a:beeware:briefcase:*:*:*:*:*:python:*:*

Fri, 27 Mar 2026 08:45:00 +0000

Values added:
  • First Time appeared: Beeware; Beeware briefcase
  • Vendors & Products: Beeware; Beeware briefcase

Thu, 26 Mar 2026 19:15:00 +0000

Values added:
  • Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 17:15:00 +0000

Values added:
  • Description: (same text as the Description at the top of this page)
  • Title: Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions
  • Weaknesses: CWE-732
  • References
  • Metrics (cvssV3_1): {'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-01T03:55:18.727Z

Reserved: 2026-03-19T18:45:22.435Z

Link: CVE-2026-33430

Vulnrichment

Updated: 2026-03-26T17:47:36.704Z

NVD

Status: Analyzed

Published: 2026-03-26T17:16:38.713

Modified: 2026-04-20T14:06:46.880

Link: CVE-2026-33430

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:26:06Z

Weaknesses